← Voltar para CVEs
CVE-2020-8171
CRITICAL9.8
Descricao
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/26/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
ui:ag-hp-2g16ui:ag-hp-2g20ui:ag-hp-5g23ui:ag-hp-5g27ui:airgrid_mui:airgrid_m2ui:airgrid_m5ui:airosui:arui:ar-hpui:bm2-tiui:bm2hpui:bm5-tiui:bm5hpui:is-m5ui:lbem5-23ui:litestation_m5ui:locom2ui:locom5ui:locom9ui:m2ui:m3ui:m365ui:m5ui:m900ui:nb-2g18ui:nb-5g22ui:nb-5g25ui:nbe-m2-13ui:nbe-m5-16ui:nbe-m5-19ui:nbm3ui:nbm365ui:nbm9ui:nsm2ui:nsm3ui:nsm365ui:nsm5ui:pbe-m2-400ui:pbe-m5-300ui:pbe-m5-300-isoui:pbe-m5-400ui:pbe-m5-400-isoui:pbe-m5-620ui:pbm10ui:pbm365ui:pbm5ui:picom2hpui:power_ap_nui:rm2-tiui:rm5-ti
Fraquezas (CWE)
CWE-77CWE-78
Referencias
https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261(support@hackerone.com)
https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35ed3d83(support@hackerone.com)
https://www.ui.com/download/airmax-m(support@hackerone.com)
https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261(af854a3a-2127-422b-91ae-364da2661108)
https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35ed3d83(af854a3a-2127-422b-91ae-364da2661108)
https://www.ui.com/download/airmax-m(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.